- bump PORTEPOCH
- remove deprecated ports from CONFLICTS_INSTALL
- add BLACKLISTD to OPTIONS_DEFAULT
- MYSQL_USES s/=/?=/ to allow testbuild without
defining XX MYSQL dedicated make.conf's in poudriere
- add postlogd to STRIP_LIBEXEC
Incompatibility with snapshot 20190615
====================================
The Postfix TLS library by default no longer waits after sending a
TLS 'close' notification. This should be safe with TLSv1.2 and
later. Specify "tls_fast_shutdown_enable = no" to enable historical
Postfix behavior.
Major changes with snapshot 20190615
====================================
After sending a TLS 'close' notification, the Postfix library by
default no longer waits for the TLS peer to respond. According to
RFC 2246 (TLSv1.2) section 7.2.1, "It is not required for the
initiator of the close to wait for the responding close_notify alert
before closing the read side of the connection."
The SMTP+LMTP delivery agent can now prepend Delivered-To, X-Original-To
and Return-Path headers, just like the pipe(8) delivery agent. This
uses the same "flags=DOR" command-line flags in master.cf. See the
smtp(8) manpage for details.
This obsoletes the "lmtp_assume_final = yes" setting, and replaces
it with "flags=...X...", for consistency with pipe(8).
20190516
Initial search order support for check_ccert_access. The
default behavior is backwards-compatible. This is work in
progress; see the RELEASE_NOTES for examples.
20190517
Bugfix: postconf mis-parsed text starting with "{" such as
"check_ccert_access { inline:{a=b} { search_order=c,d } }".
Fixed by adding another level of recursion.
Note:
----------------------------------------------------------------------
Incompatibility with snapshot 20190427
======================================
Postfix now normalizes IP addresses received with XCLIENT, XFORWARD,
or with the HaProxy protocol, for consistency with direct connections
to Postfix. This may change the appearance of logging, and the way
that check_client_access will match subnets of an IPv6 address.
Changelog:
----------------------------------------------------------------------
20190331
Documentation: tlsext_padding is not a tls_ssl_options
feature. File: proto/postconf.proto.
20190401
Portability: to avoid a compile-time error on Solaris, added
"#undef sun" to util/unix_dgram_connect.c.
20190403
Bugfix (introduced: Postfix 2.3): a censoring filter broke
multiline Milter responses for header/body events. Problem
report by Andreas Thienemann. Files: util/printable.c,
util/stringops.h, smtpd/smtpd.c.
Bugfix (introduced: Postfix 3.3): "smtp_mx_address_limit = 0"
no longer meant 'unlimited'. Problem report by Luc Pardon.
File: smtp/smtp_addr.c.
20190427
Cleanup: normalize the IP address string forms received with
XCLIENT, XFORWARD, and HaProxy, for consistency with address
information for direct connections to Postfix, and add unit
tests. This casefolds and removes redundant nulls from the
string representation of an IPv6 address, normalizes the
"IPv6:" address prefix of RFC 2821 IPv6 address forms, and
converts IPv4 address octets with leading zeros (octal form)
into decimal form. Files: global/haproxy.c,
global/normalize_mailhost_addr.[hc], smtpd/smtpd.c.
Incompatibility: this may change the appearance of logging,
and the way that check_client_access will match subnets of
an IPv6 address.
20181014
Cleanup: figured out why vstring_get() did not return
VSTREAM_EOF in APPEND mode.
20181104
Multiple 'bit rot' fixes for OpenSSL API changes, including
support to disable TLSv1.3, to avoid issuing multiple session
tickets, and to allow OpenSSL >= 1.1.0 run-time micro version
bumps without complaining about library version mismatches.
20181105
Feature: "postmap -F" reads a source file with (key, filename)
entries, and creates database records with (key, base64-encoded
filecontent). This feature will be used for SNI lookup
table support, where each key will be a domainname, and
each value will contain a sequence of (private key, certificate
hierarchy) for that domainname. The same 'value is filename'
behavior is implemented in cidr:, inline:, pcre:, randmap:,
regexp:, and static: maps if the application sets the flag
DICT_FLAG_RHS_IS_FILE. In the forseeable future, this will
Simplify some ports where DragonFlyBSD no longer needs to be special-cased.
Submitted by: rene
Reviewed by: bapt, jbeich
Differential Revision: https://reviews.freebsd.org/D17724
